360-FAAR (Firewall Analysis Audit and Repair) is an offline, command line, Perl firewall policy manipulation tool to filter, compare to logs, merge, translate, and output firewall commands for new policies, in Checkpoint dbedit, Cisco ASA, or ScreenOS commands. It is all contained in one file. It can read policy and logs for: Checkpoint FW1 (in odumper.csv / logexport format), Netscreen ScreenOS (in get config / syslog format), and Cisco ASA (show run / syslog format). It uses both inclusive and exclusive CIDR and text filters, permitting you to split large policies into smaller ones for virutalization at the same time as removing unused connectivity. It supports policy to log association, object translation, rulebase reordering and simplification, rule moves, and duplicate matching automatically. It allows you to seamlessly move rules to where you need them. 'print' mode creates a spreadsheet for your audit needs with one command.
Webfwlog is a Web-based firewall log reporting and analysis tool. It allows users to design reports to use on logged firewall data in whatever configuration they desire. Included are sample reports as a starting point. Reports can be sorted with a single click, or "drilled-down" all the way to the packet level, and saved for later use. Supported log formats are netfilter, ipfilter, ipfw, ipchains, and Windows XP. Netfilter support includes ulogd MySQL or PostgreSQL database logs using the iptables ULOG target.
Geolizer is a patch for Webalizer that uses the GeoIP library to generate faster and more reliable geographic statistics than the default DNS suffix method. It is recommended that DNS reversal be disabled on your HTTP server for improved performance and more accurate statistics. It also supports country flag pictures, can be compiled under MinGW/MSYS, and features a human-readable transfer size display.
AutoNOC is a high performance, production integrated, peer-to-peer network operations management platform for Windows and Linux. It provides real-time historical analysis, root cause, fault detection, reporting, alerts and alarms, and no-nonsense correlation. It is an interoperable vendor independent solution with built-in support for Microsoft, Cisco, Linux, IBM, and other major technologies. Additionally it offers many novel capabilities, including end user personalization, easy scalability, compressed historical databases, infinite histories, event archiving (it works as a syslog server), and multi-language support.
NEPM monitors and reports uptime, critical events and their predecessors, access rates, bytes-served rates, and error rates for network node equipment. Hardware and software elements within the nodes are tracked and reported separately to make possible rapid fault isolation. It is a very general, highly configurable, two-part software system that captures and analyzes logged performance data from IP-networked equipment and reports it via email and Web pages. Current conditions and history from systems based on Windows NT/2000, Unix, and Unix-style operating systems can be tracked and reported. Most major server, switch and router systems can be monitored, without running agents on the target systems. NEPM itself is system-independent and can be hosted on either a Unix or Win NT system or a combination of these with equal ease.
NetUP UTM is a universal billing system for internet service providers of any size. Its modern approach to traffic accounting makes the system compatible with all popular platforms and network devices. Its key features include realtime traffic processing, Cisco Netflow and IP Accounting data collection, support for RADIUS authentication, and cross-platform compatibility. The core of the system is a smart and reliable accounting engine working directly with network equipment. It supports up to 100,000 users at a total speed of up to 3 Gbps. A flexible ratings engine and efficient administration tools make UTM a complete solution for IP/VoIP/WiFi/dial-up billing.
IPFC is software and a framework to monitor multiple types of agents in a heterogeneous distributed environment. Agents can implement logging of elements as diverse as packet filters (like netfilter, pf, ipfw, IP Filter, checkpoint FW1, etc.), NIDS (Snort, arpwatch, etc.), Web servers, and other general devices (from syslog-servers to embedded devices). It features log collection for different security "agents", dynamic log correlation possibilities, and easy extensibility due to the generic database and XML message formats used.
Lire is a pluggable log analyzer. It has analyzers for over 25 log file formats, ranging from Apache WWW log files to iptables firewall logs and CUPS printing logs. Reports are generated in 9 different output formats, ranging from Excel 95 to PDF to HTML, optionally with included graphs.